Re: I-D ACTION:draft-ietf-pkix-rfc3280bis-03.txt

"David A. Cooper" <david.cooper@nist.gov> Thu, 25 May 2006 00:01 UTC

Message-ID: <4474D84C.6040409@nist.gov>
Date: Wed, 24 May 2006 18:03:56 -0400
From: "David A. Cooper" <david.cooper@nist.gov>
To: pkix <ietf-pkix@imc.org>
Subject: Re: I-D ACTION:draft-ietf-pkix-rfc3280bis-03.txt
References: <E1FizMn-0004Lb-FO@stiedprstage1.ietf.org>
In-Reply-To: <E1FizMn-0004Lb-FO@stiedprstage1.ietf.org>

All,

Draft 3 of 3280bis contains minor changes from draft 2.  A diff file 
highlighting the changes is available at 
http://csrc.nist.gov/pki/documents/PKIX/draft3280bis-02todraft3280bis-03_diff.html.

Draft 3 includes the following changes:

1. Section 1 now highlights the changes between 3280 and 3280bis rather than between 2459 and 3280.

2. Modifications were made in sections 4.1.2.4 and 4.1.2.6 to align with draft-ietf-pkix-cert-utf8-03.txt.

3. Section 4.2.1.10 includes a reference to draft-ietf-pkix-srvsan-01.txt as an example of another document that specifies rules for name constraints.

4. Changes to section 4.2.1.12 were made to clarify that applications may require the presence of a specific OID in the extended key usage extension.

5. In section 4.2.1.13 the requirement for file names specified in an HTTP URI to have a ".crl" extension was removed.

6. References to PEM in sections 6 and 6.2 were removed since the text in section 6.2 was incorrect and there did not seem to be a compelling reason to correct the text rather than simply removing it.

7. In section 6.1.1 item (d) and section 6.1.2 item (j), the text describing the source of trust anchor information was clarified.

8. In section 6.1.3, item (c): replaced "one" with "any".

9. The description of Figure 7 in section 6.1.3 after item (d)(3) was modified for clarity.

10. Section 6.3.3 item (f): Added a sentence noting that the trust anchor for the CRL certification path must be the same as for the certification path for the target certificate (as was already stated in the Security Considerations section).

11. Added paragraphs to the Security Considerations section about the risk of circular dependencies in AIA, SIA, and CDP extensions.

12. Added a paragraph to the Security Considerations section about risks involving names with similar visual representations.

13. Appendix C: Clarified that string representations of DNs follow RFC 2253 formatting rules.

A number of spelling errors were also corrected and a few changes were 
made to correct some ID-nits.

Dave

Internet-Drafts@ietf.org wrote:

>A New Internet-Draft is available from the on-line Internet-Drafts directories.
>This draft is a work item of the Public-Key Infrastructure (X.509) Working Group of the IETF.
>
>	Title		: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
>	Author(s)	: D. Cooper, et al.
>	Filename	: draft-ietf-pkix-rfc3280bis-03.txt
>	Pages		: 141
>	Date		: 2006-5-24
>	
>This memo profiles the X.509 v3 certificate and X.509 v2 Certificate
>   Revocation List (CRL) for use in the Internet.  An overview of this
>   approach and model are provided as an introduction.  The X.509 v3
>   certificate format is described in detail, with additional
>   information regarding the format and semantics of Internet name
>   forms.  Standard certificate extensions are described and two
>   Internet-specific extensions are defined.  A set of required
>   certificate extensions is specified.  The X.509 v2 CRL format is
>   described in detail, and required extensions are defined.  An
>   algorithm for X.509 certification path validation is described.  An
>   ASN.1 module and examples are provided in the appendices.
>
>A URL for this Internet-Draft is:
>http://www.ietf.org/internet-drafts/draft-ietf-pkix-rfc3280bis-03.txt
>
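As an added illustration (not text from the draft or from this message), here is a small Python model of two of the points in the change list above: the section 6.3.3 (f) rule that the CRL issuer's certification path must end at the same trust anchor as the target certificate's path, and why loops among issuer references (the AIA/SIA/CDP circular-dependency risk) call for a bounded path walk. Certificate names and the dictionary layout are constructed for the example; real X.509 objects are not used.

```python
# Constructed sample "certificates" (names and this dict shape are assumptions
# for the example): subject name -> issuer name and whether it is a trust anchor.
CERTS = {
    "Root CA": {"issuer": "Root CA", "anchor": True},
    "Other Root": {"issuer": "Other Root", "anchor": True},
    "Intermediate CA": {"issuer": "Root CA", "anchor": False},
    "alice@example": {"issuer": "Intermediate CA", "anchor": False},
    "CRL Issuer A": {"issuer": "Intermediate CA", "anchor": False},
    "CRL Issuer B": {"issuer": "Other Root", "anchor": False},
    # Two certificates whose issuer links point at each other: a circular
    # dependency of the kind the new Security Considerations text warns about.
    "Loop X": {"issuer": "Loop Y", "anchor": False},
    "Loop Y": {"issuer": "Loop X", "anchor": False},
}


class CircularPath(Exception):
    """Raised when following issuer links loops without reaching an anchor."""


def build_path(name, certs=CERTS):
    """Return the chain of subject names from `name` up to its trust anchor.

    The visited set keeps a relying party from spinning forever on a loop.
    """
    path, seen = [], set()
    while True:
        if name in seen:
            raise CircularPath(" -> ".join(path + [name]))
        seen.add(name)
        path.append(name)
        cert = certs[name]          # KeyError if the issuer is unknown
        if cert["anchor"]:
            return path
        name = cert["issuer"]


def is_circular(name, certs=CERTS):
    """True if path building from `name` hits a loop instead of an anchor."""
    try:
        build_path(name, certs)
    except CircularPath:
        return True
    return False


def crl_anchor_matches(target, crl_issuer, certs=CERTS):
    """Section 6.3.3 (f): the CRL issuer's path must end at the same trust
    anchor as the target certificate's path, or the CRL must not be used."""
    return build_path(target, certs)[-1] == build_path(crl_issuer, certs)[-1]
```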